{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18405?format=json","vulnerability_id":"VCID-pr1d-efrx-kbbr","summary":"POLY1305 MAC implementation corrupts XMM registers on Windows\nIssue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n  OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue.","aliases":[{"alias":"CVE-2023-4807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/342449?format=json","purl":"pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318023?format=json","purl":"pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326122?format=json","purl":"pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/342450?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318024?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326123?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/342451?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318025?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326124?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/342452?format=json","purl":"pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318026?format=json","purl":"pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326125?format=json","purl":"pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/342453?format=json","purl":"pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318027?format=json","purl":"pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326126?format=json","purl":"pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/342455?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318029?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326128?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/342454?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.17&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.17&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/318028?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.18&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/326127?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.19&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.19&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255423?format=json","purl":"pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302431?format=json","purl":"pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255424?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armhf&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302432?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255425?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armv7&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302433?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255426?format=json","purl":"pkg:apk/alpine/openssl@0?arch=loongarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=loongarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302434?format=json","purl":"pkg:apk/alpine/openssl@0?arch=loongarch64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=loongarch64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255427?format=json","purl":"pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302435?format=json","purl":"pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255429?format=json","purl":"pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=riscv64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302436?format=json","purl":"pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=riscv64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255430?format=json","purl":"pkg:apk/alpine/openssl@0?arch=s390x&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302437?format=json","purl":"pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255432?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302439?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/255431?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/302438?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229716?format=json","purl":"pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229717?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229718?format=json","purl":"pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229719?format=json","purl":"pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229720?format=json","purl":"pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=riscv64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229721?format=json","purl":"pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229723?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/229722?format=json","purl":"pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361703?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=aarch64&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=aarch64&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361704?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=armhf&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=armhf&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361705?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=armv7&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=armv7&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361706?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=ppc64le&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=ppc64le&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361707?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=s390x&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=s390x&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361709?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=x86_64&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=x86_64&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/361708?format=json","purl":"pkg:apk/alpine/openssl3@0?arch=x86&distroversion=v3.16&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=x86&distroversion=v3.16&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/624151?format=json","purl":"pkg:conan/openssl@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/62696?format=json","purl":"pkg:conan/openssl@1.1.1w","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1w"},{"url":"http://public2.vulnerablecode.io/api/packages/201246?format=json","purl":"pkg:deb/debian/openssl@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/201221?format=json","purl":"pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7y4x-nrsa-mbb3"},{"vulnerability":"VCID-a6ex-h8k7-8fbx"},{"vulnerability":"VCID-cccj-zqe2-1bbw"},{"vulnerability":"VCID-mnvc-6qng-ufbb"},{"vulnerability":"VCID-q64m-j51z-6fhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/201219?format=json","purl":"pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cccj-zqe2-1bbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.20-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/201223?format=json","purl":"pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.6-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/201222?format=json","purl":"pkg:deb/debian/openssl@3.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/613862?format=json","purl":"pkg:conan/openssl@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmk7-eeaw-syfw"},{"vulnerability":"VCID-n7xs-mgeg-jued"},{"vulnerability":"VCID-pr1d-efrx-kbbr"},{"vulnerability":"VCID-u3ks-ncv4-33f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/57740?format=json","purl":"pkg:conan/openssl@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y34-563n-83b3"},{"vulnerability":"VCID-4dsd-gb34-tbfb"},{"vulnerability":"VCID-77dz-3tvz-c7b8"},{"vulnerability":"VCID-bf5v-rz9k-9qgh"},{"vulnerability":"VCID-f7y9-1ct6-4kgk"},{"vulnerability":"VCID-fep2-jgws-6qf6"},{"vulnerability":"VCID-gsja-3j2p-byc8"},{"vulnerability":"VCID-kpk3-xbcc-jfg8"},{"vulnerability":"VCID-m27k-yxxk-mbc6"},{"vulnerability":"VCID-n7dz-yhyf-n7e7"},{"vulnerability":"VCID-pfat-4gzk-suht"},{"vulnerability":"VCID-pr1d-efrx-kbbr"},{"vulnerability":"VCID-qf59-hskb-f7ek"},{"vulnerability":"VCID-t8ve-d7kb-tyar"},{"vulnerability":"VCID-u46f-74uq-j7hy"},{"vulnerability":"VCID-xh61-hden-qbay"},{"vulnerability":"VCID-yvae-9f18-n7ep"},{"vulnerability":"VCID-znh8-j1ww-9yb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58806?format=json","purl":"pkg:conan/openssl@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kax-e29y-2qay"},{"vulnerability":"VCID-1y34-563n-83b3"},{"vulnerability":"VCID-4rjp-y9w5-sfak"},{"vulnerability":"VCID-5rnh-ggk4-8bdq"},{"vulnerability":"VCID-6vr9-d96b-t7cz"},{"vulnerability":"VCID-77dz-3tvz-c7b8"},{"vulnerability":"VCID-94bp-j4hm-sqb7"},{"vulnerability":"VCID-bf5v-rz9k-9qgh"},{"vulnerability":"VCID-fep2-jgws-6qf6"},{"vulnerability":"VCID-hmk7-eeaw-syfw"},{"vulnerability":"VCID-jmd8-78nq-vfg1"},{"vulnerability":"VCID-kpk3-xbcc-jfg8"},{"vulnerability":"VCID-m27k-yxxk-mbc6"},{"vulnerability":"VCID-mcrj-f2ds-c3d3"},{"vulnerability":"VCID-n7dz-yhyf-n7e7"},{"vulnerability":"VCID-n7xs-mgeg-jued"},{"vulnerability":"VCID-pfat-4gzk-suht"},{"vulnerability":"VCID-pr1d-efrx-kbbr"},{"vulnerability":"VCID-prku-34mb-d3g6"},{"vulnerability":"VCID-ptm7-pf2v-fqdc"},{"vulnerability":"VCID-qaht-xst5-pyh3"},{"vulnerability":"VCID-t8ve-d7kb-tyar"},{"vulnerability":"VCID-u3ks-ncv4-33f5"},{"vulnerability":"VCID-u4fw-w6bp-rkdq"},{"vulnerability":"VCID-vv2c-xvqf-cfdt"},{"vulnerability":"VCID-yvae-9f18-n7ep"},{"vulnerability":"VCID-znh8-j1ww-9yb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/63183?format=json","purl":"pkg:conan/openssl@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4rjp-y9w5-sfak"},{"vulnerability":"VCID-bf5v-rz9k-9qgh"},{"vulnerability":"VCID-hmk7-eeaw-syfw"},{"vulnerability":"VCID-kpk3-xbcc-jfg8"},{"vulnerability":"VCID-n7dz-yhyf-n7e7"},{"vulnerability":"VCID-n7xs-mgeg-jued"},{"vulnerability":"VCID-pr1d-efrx-kbbr"},{"vulnerability":"VCID-t8ve-d7kb-tyar"},{"vulnerability":"VCID-u3ks-ncv4-33f5"},{"vulnerability":"VCID-u4fw-w6bp-rkdq"},{"vulnerability":"VCID-znh8-j1ww-9yb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.0"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4807","reference_id":"","reference_type":"","scores":[{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71792","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4807"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230921-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230921-0001/"},{"reference_url":"https://www.openssl.org/news/secadv/20230908.txt","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/"}],"url":"https://www.openssl.org/news/secadv/20230908.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238009","reference_id":"2238009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4807","reference_id":"CVE-2023-4807","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4807"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":347,"name":"Improper Verification of Cryptographic Signature","description":"The product does not verify, or incorrectly verifies, the cryptographic signature for data."},{"cwe_id":440,"name":"Expected Behavior Violation","description":"A feature, API, or function does not perform according to its specification."}],"exploits":[],"severity_range_score":"7.8 - 7.8","exploitability":"0.5","weighted_severity":"7.0","risk_score":3.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1d-efrx-kbbr"}